17 matches found
Security Bulletin: A vulnerability in the Axios library affects Db2 Big SQL
Summary A vulnerability in the Axios library affects Db2 Big SQL 7.8 and earlier on Cloud Pak for Data 5.1 and earlier. Vulnerability Details CVEID:CVE-2024-57965 DESCRIPTION: In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a...
Security Bulletin: IBM Storage Ceph is vulnerable to an Origin Validation Error in Grafana (CVE-2024-57965)
Summary Axios is a dependency of Grafana, and Grafana is used by IBM Storage Ceph as a metrics dashboard. This bulletin identifies the steps to take to address the vulnerability in Grafana. CVE-2024-57965 Vulnerability Details CVEID:CVE-2024-57965 DESCRIPTION: In axios before 1.7.8,...
Security Bulletin: Axios before 1.7.8 uses setAttribute('href') in isURLSameOrigin.js, raising potential security concern
Summary In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a potentially unwanted setAttribute'href',href call. NOTE: some parties feel that the code change only addresses a warning message from a SAST tool and does not fix a...
Security Bulletin: A vulnerability in axios may affect IBM Decision Optimization for IBM Cloud Pak for Data (CVE-2024-57965)
Summary There is a vulnerability in axios used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-57965 DESCRIPTION: In axios before 1.7.8,...
Security Bulletin: IBM Maximo Application Suite uses axios-1.7.7.tgz which is vulnerable to CVE-2024-57965.
Summary IBM Maximo Application Suite uses axios-1.7.7.tgz which is vulnerable to CVE-2024-57965. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-57965 DESCRIPTION: In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not u...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to axios-1.3.4.min.js, axios-1.7.7.tgz CVE-2024-57965
Summary IBM Maximo Application Suite - Monitor Component is vulnerable to axios-1.3.4.min.js, axios-1.7.7.tgz CVE-2024-57965. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-57965 DESCRIPTION: In axios before 1.7.8,...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in axios
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of axios Vulnerability Details CVEID:CVE-2024-57965 DESCRIPTION: In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a potentially unwanted setAttribute'href',hr...
Security Bulletin: Multiple vulnerabilities affect IBM Business Automation Workflow - CVE-2025-27789, CVE-2024-57965, CVE-2025-27152, CVE-2024-55565
Summary Some IBM Business Automation Workflow user interfaces may be affected by vulnerabilities in JavaScript libraries. Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for writing next generation JavaScript. When using versions of Babel prior to 7.26.10 and...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 24.0.0-IF005 and 24.0.1-IF002.
Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 24.0.0-IF005 and 24.0.1-IF002. Vulnerability Details CVEID:CVE-2025-22866 DESCRIPTION: Due to the usage of a variable time...
Security Bulletin: A vulnerability in axios affects IBM Robotic Process Automation which could result in an unwanted setAttribute('href',href) (CVE-2024-57965)
Summary A vulnerability in axios affects IBM Robotic Process Automation which could result in an unwanted setAttribute'href',href. IBM Robotic Process Automation uses axios as part of the user interface. This bulletin identifies the fixes or remediations available to resolve this vulnerability...
Linux Distros Unpatched Vulnerability : CVE-2024-57965
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a potentially unwanted setAttribute'href',hr...
Security Bulletin: Multiple Vulnerabilities in IBM Event Streams
Summary Multiple vulnerabilities were addressed in IBM Event Streams version 11.6.1. Vulnerability Details CVEID:CVE-2024-57965 DESCRIPTION: In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a potentially unwanted...
CVE-2024-57965
In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a potentially unwanted setAttribute'href',href call. NOTE: some parties feel that the code change only addresses a warning message from a SAST tool and does not fix a vulnerability...
CVE-2024-57965
creationtimestamp| type| source ---|---|--- 2025-01-29 09:09:32+00:00| seen| https://infosec.exchange/users/cve/statuses/113910859195697321 2025-01-29 09:15:35+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lgun2bt7l22i 2025-01-29 10:10:11+00:00|...
CVE-2024-57965
In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a potentially unwanted setAttribute'href',href call. NOTE: some parties feel that the code change only addresses a warning message from a SAST tool and does not fix a vulnerability...
CVE-2024-57965
In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a potentially unwanted setAttribute'href',href call. NOTE: some parties feel that the code change only addresses a warning message from a SAST tool and does not fix a vulnerability...
CVE-2024-57965
CVE-2024-57965 is a vulnerability in axios (before 1.7.8) where isURLSameOrigin.js does not use a URL object to determine origin and may perform an unwanted setAttribute('href', href). IBM security bulletins align this CVE with IBM Db2 Big SQL on Cloud Pak for Data and related products, noting an...